NI3
11-06-2003, 11:20 AM
TITLE:
Sun Java Insecure Installation Process Vulnerability
SECUNIA ADVISORY ID:
SA10141
VERIFY ADVISORY:
[Only registered and activated users can see links]
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
Sun Java SDK 1.4.x
Sun Java JRE 1.4.x
DESCRIPTION:
A vulnerability has been reported in Sun Java, which can be exploited
by malicious, local users to overwrite arbitrary files during the
installation process.
The problem is that the files "/tmp/unpack.log", "/tmp/.mailcap1",
and "/tmp/.mime.types1" are created insecurely. This allows malicious
users to conduct symlink attacks to overwrite arbitrary files.
The vulnerability only affects Sun Java on Linux during the
installation process.
This has been reported to affect versions 1.4.2 to 1.4.2_02.
SOLUTION:
Do not install Sun Java on Linux systems while untrusted users are
logged on. Also make sure that symlinks are not already present in
the "/tmp" folder.
REPORTED BY / CREDITS:
Stan Bubrouski
----------------------------------------------------------------------
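The symlink attack the advisory describes, shown as an added example that is not part of the advisory, the forum post, or Sun's installer code. It contrasts the insecure open pattern (a fixed, predictable path opened with O_CREAT|O_TRUNC, which follows a planted symlink) with a hardened open (O_EXCL|O_NOFOLLOW), and includes the lstat-based check behind the advisory's "make sure that symlinks are not already present" advice. Everything runs inside a private mkdtemp() directory so the real /tmp is never touched; the function names, the "victim" file and the file contents are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern, as the advisory describes it: the installer opens a fixed,
 * predictable path (e.g. /tmp/unpack.log) with O_CREAT|O_TRUNC. If a local user
 * has already planted a symlink there, open(2) follows it and the installer
 * (running as root) truncates and overwrites whatever the link points to. */
static int write_log_insecure(const char *path, const char *msg)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n == (ssize_t)strlen(msg) ? 0 : -1;
}

/* Hardened pattern: O_EXCL makes the open fail (EEXIST) if anything already
 * sits at the path, symlink included, and O_NOFOLLOW additionally refuses to
 * traverse a final-component symlink (ELOOP). A failure here is an attack
 * indicator and must not be retried with a weaker mode. Returns 0 or -1/errno. */
static int write_log_secure(const char *path, const char *msg)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n == (ssize_t)strlen(msg) ? 0 : -1;
}

/* The advisory's pre-install check: lstat() does not follow links, so
 * S_ISLNK reports a planted symlink at the path. Returns 1 if it is one. */
int path_is_symlink(const char *path)
{
    struct stat st;
    if (lstat(path, &st) < 0)
        return 0;
    return S_ISLNK(st.st_mode) ? 1 : 0;
}

/* Read a small file back into buf for checking. */
static int read_small_file(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Constructed scenario in a private mkdtemp() directory (never the real /tmp):
 * "victim" stands in for a file the attacker wants overwritten and "unpack.log"
 * is the attacker's symlink pointing at it. Returns 1 when the insecure writer
 * clobbered the victim and the secure writer refused, 0 otherwise. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[256], link[256], buf[64];
    int ok = 0, clobbered = 0, refused = 0, untouched = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/unpack.log", dir);

    if (write_log_insecure(victim, "original contents\n") != 0) /* create victim */
        goto out;
    if (symlink(victim, link) != 0)            /* attacker plants the link */
        goto out;
    if (!path_is_symlink(link))                /* the manual check would catch it */
        goto out;

    /* Installer-style write through the planted link: victim is overwritten. */
    if (write_log_insecure(link, "installer log\n") != 0)
        goto out;
    if (read_small_file(victim, buf, sizeof buf) != 0)
        goto out;
    clobbered = strcmp(buf, "installer log\n") == 0;

    /* Hardened write refuses (EEXIST from O_EXCL, or ELOOP from O_NOFOLLOW)
     * and the victim is left exactly as it was. */
    refused = write_log_secure(link, "second log\n") == -1 &&
              (errno == EEXIST || errno == ELOOP);
    if (read_small_file(victim, buf, sizeof buf) != 0)
        goto out;
    untouched = strcmp(buf, "installer log\n") == 0;

    ok = clobbered && refused && untouched;
out:
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink attack demo: %s\n",
           demo_symlink_attack() ? "reproduced, then blocked" : "did not reproduce");
    return 0;
}
```

The real fix for an installer is to stop using fixed names in a world-writable directory altogether (mkstemp() into a private directory, or a directory created with mode 0700 by the installing user); O_EXCL|O_NOFOLLOW only turns the overwrite into a visible failure.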
